IoT is the name given to consumer devices that you can buy and then attach to the Internet for various reasons (I’ve written about IoT before). Many of these devices have really poor security. They commonly have default and well-known passwords that many users don’t change. So there are lots of Internet-connected devices (easily discoverable with databases like Shodan) with no protection against someone who knows the default passwords.

Brian Krebs has a lot of good detail about yesterday’s attack and how it was the work of IoT devices like video cameras and DVRs controlled by Mirai. Mirai is (publicly available!) malware that scours the Internet looking for devices with default passwords and uses them to attack specific targets. Yesterday someone pointed those devices at dyn.com, and that’s why you had trouble tweeting about why you couldn’t listen to your music.

Manufacturers have sold a lot of this IoT junk, and we’ll be stuck with this sort of thing for years.